Risk & Repeat: Why Ray Ozzie's Clear proposal isn't so clear
In this week's Risk & Repeat podcast, SearchSecurity editors discuss Ray Ozzie's solution for going dark, known as Clear, and what infosec experts are saying about it.
One of the most well-known and respected software programmers believes he has found the solution to the going dark conundrum, but encryption experts and infosec professionals have their doubts.
Ray Ozzie's Clear proposal takes the simple approach of using a public/private key pair to give law enforcement agencies access to encrypted devices. Under the proposal, the public key is stored on the device's chip and can be used to encrypt the user's passcode, while the private key is stored in a hardware security module that can only be accessed by the vendor once law enforcement has possession of the device and a valid court order.
Ozzie's proposal, which was unveiled in a recent Wired article, contains few wrinkles compared to previous key escrow plans; a Clear private key can only be used for the device it was paired with, and once it has been unlocked with that key, the device is bricked and can no longer be used.
Ozzie, the former chief software architect and CTO of Microsoft, has had a storied career in the technology industry thanks to his creation of Lotus Notes and Groove Networks. However, many cryptography experts have criticized the proposal as short-sighted and lacking important technical details.
How does Ray Ozzie's Clear proposal compare to other so-called solutions to going dark? Does it solve existing security concerns about key escrow? How effective will Clear be at preventing surveillance abuses? SearchSecurity editors Rob Wright and Peter Loshin discuss those questions and more in this episode of the Risk & Repeat podcast.